Auroranexis documentation
The Compliance module helps agency owners and admins prepare for audits, procurement reviews, and regulatory conversations. Open Dashboard → Compliance to review readiness scores, search the audit explorer, manage GDPR data subject requests, configure retention rules, record security incidents, and export evidence bundles. These tools support operational readiness — they do not certify your agency for any framework or regulation.
Auroranexis records significant workspace activity — user actions, configuration changes, report publishing, integration events, API usage, and more — in an organization-scoped audit trail. The Compliance module aggregates that activity with governance controls, retention configuration, GDPR request tracking, and security incident records into a single readiness view at Dashboard → Compliance.
The compliance dashboard shows a composite compliance score, maturity level, framework readiness percentages, open findings, and counts of open GDPR requests and security incidents. Framework cards cover common procurement targets including SOC 2, ISO 27001, GDPR, NIS2, DORA, and HIPAA readiness mappings. Percentages reflect implemented controls with available evidence — not certification status.
From the compliance workspace you can open the audit explorer for filtered event search, manage the GDPR center for data subject requests, review retention rules with simulation status, register security incidents, and download structured evidence exports. Full compliance features are included on the Business plan and above; Professional workspaces can review security settings and activity history elsewhere, but the dedicated compliance workspace and evidence tooling require Business or Enterprise.
Agencies managing client data face increasing pressure to demonstrate control over access, retention, incident response, and data subject rights. Enterprise prospects send security questionnaires; regulated clients ask for evidence of logging and retention alignment; internal governance teams need a single place to track GDPR requests without ad hoc spreadsheets.
The Compliance module exists to reduce the scramble before an audit by keeping evidence, policies, and request workflows in one place tied to your actual operational data. Rather than maintaining separate sampling spreadsheets, you can search audit events, export structured evidence bundles, and show how retention rules align with your documented policies.
GDPR tooling tracks access, deletion, export, correction, restriction, and consent withdrawal requests through a defined lifecycle. Your team still executes the legal process — Auroranexis provides the operational record, status tracking, and audit trail. Security incident records complement operational incident management by giving compliance reviewers a dedicated registry for posture-affecting events.
Contact support@auroranexis.com for onboarding support, billing questions, or product guidance. Include your workspace name, the module you are working in, and a brief description of your goal so we can respond efficiently.
A European-focused marketing agency receives monthly data subject access requests from former portal users. The admin creates Access requests in the GDPR center with subject emails and assigns internal ownership. As the legal process completes, status moves from open to processing to completed. Request records remain for audit sampling. Retention rules for portal_activity and reports are configured in simulation mode to mirror the agency's one-year client data policy.
An automation agency documents one-year retention for AI interaction logs alongside seven-year invoice retention. They configure retention rules for ai_logs (1y) and invoices (7y) in the retention overview. Coverage percentage increases as categories are defined. All rules show simulation-only status — the firm uses this in internal policy reviews to demonstrate alignment between documented policy and platform configuration without triggering automatic deletion.
A forty-client MSP on Business plan receives a vendor security questionnaire from a healthcare prospect. The operations director opens Dashboard → Compliance, reviews framework readiness cards as an internal checklist, and downloads an evidence bundle. Using Audit explorer, they filter high-severity configuration changes from the last ninety days and attach exported JSON plus screenshots to the questionnaire response. The agency's legal counsel validates all claims before submission.
After detecting unauthorized API key usage, a security consultancy records a high-severity security incident in Dashboard → Compliance with investigation status. They cross-reference the operational incident in the Incidents module for client delivery while keeping the compliance registry entry for governance review. Audit explorer confirms the key revocation and settings change events are captured with timestamps for the quarterly internal audit.
An agency with three regional offices previously maintained separate audit sampling spreadsheets. After upgrading to Business, the central compliance owner exports a single evidence bundle from Dashboard → Compliance before the annual internal review. Framework readiness cards highlight gaps in logging and incident management controls. Recommendations on the dashboard drive closure of two open findings before the external auditor arrives.
Common compliance issues
| Problem | Cause | Solution |
|---|---|---|
| Compliance menu not visible | User lacks owner or admin role with organization settings access | Confirm role in Settings → Team; only owners and admins with settings permissions can open Dashboard → Compliance |
| Module unavailable on your plan | Workspace is on Professional without Business compliance features | Upgrade to Business via Settings → Billing or contact sales for Enterprise compliance tooling |
| Missing audit entries for an action | Not all read operations are logged; action may predate audit capture or occurred outside authenticated session | Verify the action was performed by an authenticated user in your workspace; filter Audit explorer by date range and entity type |
| Low readiness score despite active usage | Controls require explicit configuration — retention rules, incident records, or evidence exports may be incomplete | Review dashboard recommendations and close open findings; define retention categories and record security incidents |
| Retention shows simulation only | v1 retention policies document intent without auto-deletion by design | Use simulation status in policy reviews; coordinate with support before any future active enforcement rollout |
| Evidence export fails or times out | Large workspace volume or concurrent export load | Retry during low-traffic periods; contact support with the timestamp if failures persist |
| GDPR request stuck in open status | Platform tracks lifecycle but does not auto-complete legal workflows | Update status manually as your legal process advances; add internal notes for audit context |